REMARKS



By this amendment, claims 1-21 are pending, in which claim 21 is newly presented. No 
claim is canceled, withdrawn, or amended. No new matter is introduced. A proposed 
replacement drawing for Figure 3 is submitted herewith. Applicant respectfully traverses the 
rejection of claims 1-20, and requests reconsideration of the pending application and allowance 
of all pending claims. 

The Office Action mailed October 1, 2003 objected to the drawings as failing to comply
with 37 C.F.R. § 1.84(p)(4) and rejected claims 1-20 under 35 U.S.C. § 103(a) as obvious over
Gleeson et al. (2000) in view of Lewis et al. (U.S. Patent No. 4,924,500).

In response to the objection to the drawings, Applicant proposes a drawing correction to 
amend Figure 3 to replace the three reference characters "22" with reference characters 22a, 22b 
and 22d, respectively associated with BR 22a linked to CPE 24a and CPE 25a, with BR 22b 
linked to CPE 24b and CPE 25b, and with BR 22d linked to CPE 24d and CPE 25d in the 
drawing. Applicant respectfully submits that these corrections place the drawings in compliance 
with the requirements of 37 C.F.R. § 1.84. A replacement drawing for Figure 3 reflecting these 
proposed corrections is submitted herewith. 

Attention is directed to the rejection of claim 1 as obvious over Gleeson et al., in view of
Lewis et al. Claim 1 is directed to a network system that resists denial of service attacks on an
access link to a destination host belonging to a virtual private network (VPN), and recites "one or
more egress boundary routers having connections to an access network including the access link,
wherein said one or more egress boundary routers transmit intra-VPN traffic from sources
within the VPN and extra-VPN traffic from sources outside the VPN within separate access
network logical connections for intra-VPN and extra-VPN traffic... such that denial of service
attacks on said access link originating from sources outside the VPN can be prevented."

Gleeson et al. describes a general framework for virtual private networks running across
IP backbones, without any mention of denial of service attacks. In the context of Gleeson et al.,
a VPN is defined as the "emulation of a private wide area network (WAN) facility using IP
facilities." (See Page 1, ¶ 3)

According to the Office Action mailed on October 1, 2003, "Gleeson does not disclose
expressly disclose [sic] the network system comprising a Differentiated Services network and
separate the intra-VPN traffic and extra-VPN (i.e. public VPN) traffic such that denial of service
attacks on said access link originating from sources outside the VPN can be presented [sic]."
(See Office Action, Page 3, lines 5-8) Thus, the Office Action relies on Lewis et al. for the claim
features. However, this reliance on Lewis et al. is misguided, as Lewis et al. pertains to a
telephony network with no relevance to an IP based VPN of Gleeson et al., as explained below.

According to the Office Action mailed on October 1, 2003:

Lewis discloses a network system comprising two communication paths, signal
link and public network (i.e. Differentiated Service Network, see figure 1) which
is used to coupling node A (i.e. an egress boundary router) and node B (i.e. an
ingress boundary router). The CINS request message (i.e. intra-VPN traffic) is
sent from the original node-A 10 to the terminating node-B 11. The intra-network
call (i.e. extra-VPN traffic) can be established through a public network [see
column 2 line 4 - column 3 line 63 and figure 1].

It would have been obvious to a person of ordinary skill in the art at the time of
the invention was made to employ the public network path and protocol within the
system of Gleeson to separate the intra-VPN traffic and extra-VPN.

The suggestion/motivation for doing so would have been used to separate the
logical access path between intra-VPN traffic and extra-VPN so that the denial of
service attacks can be prevented.

(See Office Action, Page 3, lines 9-21) 

Lewis et al. is directed to private telephone network services (See, e.g., col. 1, lines 3-4),
and to providing a network service which will allow intra-network calls that overflow to the
public network, and which has the ability to deliver private networking services that are
transparent to the public network. (See, e.g., col. 1, lines 52-56)

Lewis et al., as with Gleeson et al., is completely devoid of any mention of "denial of
service attacks," much less their prevention.

Also, there is no suggestion or disclosure by Lewis et al. of "intra-VPN traffic from
sources within the VPN" and "extra-VPN traffic from sources outside the VPN." There is
instead a discussion of overflow of intra-network traffic into the public network by de-coupling
feature and voice information such that feature information is transmitted on a signaling link
established on private and/or public facilities, but voice information is transmitted over a public
network when calls overflow (emphasis added). (See, e.g., col. 1, lines 61-68)

The Office Action equates the CINS request message of Lewis et al. with the claimed
intra-VPN traffic. There is no factual basis for this interpretation, as the signaling link 13
transporting the CINS request message cannot be construed as any type of VPN even under
Lewis et al.'s definition of virtual private network services (col. 1: 31-34). Applicant further
notes that Lewis et al.'s notion of a virtual private network is not the IP based VPN of Gleeson et al.

The Office Action commits another interpretative error by equating the intra-network call
with the claimed "extra-VPN traffic." At best, even assuming the intra-network call as processed
by the telephony based Lewis et al. system can be reasonably related to an IP based VPN of
Gleeson et al., the intra-network call is not "extra" traffic. The Office Action completely ignores
the term "extra" in the term extra-VPN traffic, so much so as to equate it to the contradictory
term "intra" in intra-network call.

Furthermore, Applicant respectfully points out that, in the context of telephone network
services, nodes A and B of Lewis et al. are not "routers." The IP network environment of
Gleeson et al. is very different from the telephone network environment of Lewis et al., at least in
the differences between routers (IP environment) and switches (telephone network environment)
for handling traffic on the respective network environments. That is, the nodes A and B are
telephony switching facilities (see col. 3: 4-42), and cannot be routers, much less the claimed
"egress boundary routers."

Therefore, Gleeson et al. and Lewis et al., even if they can be properly combined based
on some teaching or suggestion in the references, do not amount to the claim features.

Moreover, Applicant respectfully submits that there is no motivation to combine any
features of the telephone network services of Lewis et al. with the IP network features of Gleeson
et al. to obtain features recited by claim 1. For example, given the technical disparities between
the telephony system of Lewis et al. and the IP network of Gleeson et al., one of ordinary skill in
the art would question the expectation of success of the proposed modification endorsed by the
Office Action. Pursuant to MPEP § 2143.02, the Examiner must consider whether the modified
system would have a reasonable expectation of success to meet his burden of showing prima
facie obviousness.

Therefore, Applicant respectfully requests the withdrawal of the obviousness rejection, 
and urges the indication that independent claim 1 is allowable. 

For reasons similar to those stated previously with regard to claim 1, Applicant 
additionally submits that the rejection of independent claims 9 and 16 should be withdrawn. The 
rejection of dependent claims 2-8, 10-15, and 17-20 should be withdrawn for at least the same 
reasons as their respective independent claims, and these claims are separately patentable on their 
own merits. 

For example, dependent claim 2, which depends from claim 1, recites, "a Differentiated
Services network coupling at least one of the plurality of ingress boundary routers and at least
one of the one or more egress boundary routers." Although the Office Action indicates that
claim 2 is rejected as obvious over Gleeson et al. in view of Lewis et al. (Per Office Action
Summary, Item #6, Office Action, Page 2, lines 15-16, Page 7, line 5), the Office Action is silent
with regard to any reason(s) for the rejection of claim 2. Applicant submits that the lack of any
reasoning put forth by the Office Action for the rejection of claim 2 contravenes 35 U.S.C. § 132,
which requires the Director to "notify the applicant thereof, stating the reasons for such
rejection." This section is violated if the rejection "is so uninformative that it prevents the
applicant from recognizing and seeking to counter the grounds for rejection." Chester v. Miller,
15 USPQ2d 1333 (Fed. Cir. 1990). This policy is captured in the Manual of Patent Examining
Procedure. For example, MPEP § 706 states that "[t]he goal of examination is to clearly
articulate any rejection early in the prosecution process so that applicant has the opportunity to
provide evidence of patentability and otherwise respond completely at the earliest opportunity."
Furthermore, MPEP § 706.02(j) indicates that: "[i]t is important for an examiner to properly
communicate the basis for a rejection so that the issues can be identified early and the applicant
can be given fair opportunity to respond."

Applicants respectfully submit that "a Differentiated Services network coupling at least
one of the plurality of ingress boundary routers and at least one of the one or more egress
boundary routers" as recited by the combination of features of claim 2 (See also, specification,
page 4, line 15 - page 5, line 12) is not suggested or disclosed by any of the applied references
individually, or by any reasonable combination thereof. Even assuming, arguendo, that one of
the applied references mentions a network that might be construed as a Differentiated Services
network, Applicant submits that, given the technical disparities between the telephony system
of Lewis et al. and the IP network of Gleeson et al., one of ordinary skill in the art would
question the expectation of success of any proposed modification(s) of these systems for a
combination of features as recited by claim 2. If the rejection of claim 2 is maintained in a next
Office Action, Applicant respectfully requests that the Office Action maintaining the rejection be
made non-final to afford Applicant a fair opportunity to respond.

Newly added claim 21 recites, "A method for resisting denial of service attacks on an
access link to a destination host included in a VPN, the method comprising the steps of:
assigning a first priority level to intra-VPN traffic flowing from sources included in the VPN;
assigning a second priority level to extra-VPN traffic flowing from sources outside the VPN; and
granting, to traffic having the first priority level at the access link, precedence of access to the
destination host over traffic having the second priority level." Neither of the applied references
discloses assigning priority levels to intra-VPN traffic and extra-VPN traffic and granting
precedence of access, to intra-VPN traffic, to a destination host included in the VPN.
Additionally, neither of the references discloses "resisting denial of service attacks." No new
matter is added (See, e.g., specification, page 10, lines 4-19). Therefore, it is believed that new
claim 21 is allowable.




10/023,043 





Patent 



Therefore, the present application is in condition for allowance. Favorable 
reconsideration is respectfully requested. If any unresolved issues remain, it is respectfully 
requested that the Examiner telephone the undersigned attorney at (703) 425-6499 so that such 
issues may be resolved as expeditiously as possible. 



Respectfully Submitted,

DITTHAVONG & CARLSON, P.C.

Margo Livesay, Ph.D.
Reg. No. 41,946

Phouphanomketh Ditthavong
Reg. No. 44,658

Attorneys for Applicant(s)

10507 Braddock Road
Suite A
Fairfax, VA 22032
Tel. (703) 425-6499
Fax. (703) 425-8518